--- nsaserefpolicy/policy/modules/apps/vmware.fc 2008-08-07 11:15:03.000000000 -0400
+++ serefpolicy-3.5.5/policy/modules/apps/vmware.fc 2008-08-14 13:53:54.000000000 -0400
@@ -1,9 +1,9 @@
 #
 # HOME_DIR/
 #
-HOME_DIR/\.vmware(/.*)? gen_context(system_u:object_r:ROLE_vmware_file_t,s0)
-HOME_DIR/\.vmware[^/]*/.*\.cfg -- gen_context(system_u:object_r:ROLE_vmware_conf_t,s0)
-HOME_DIR/vmware(/.*)? gen_context(system_u:object_r:ROLE_vmware_file_t,s0)
+HOME_DIR/\.vmware(/.*)? gen_context(system_u:object_r:vmware_home_t,s0)
+HOME_DIR/\.vmware[^/]*/.*\.cfg -- gen_context(system_u:object_r:vmware_home_t,s0)
+HOME_DIR/vmware(/.*)? gen_context(system_u:object_r:vmware_home_t,s0)
 #
 # /etc
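Review bot: The second pattern, `HOME_DIR/\.vmware[^/]*/.*\.cfg`, is now redundant: it yields the same context as the `HOME_DIR/\.vmware(/.*)?` entry above it, which already matches everything under ~/.vmware, so it can be dropped unless the `[^/]*` is meant to catch sibling directories like ~/.vmware-something, in which case the first pattern should be widened instead. The change also gives configuration files and disk images a single label, so the config-versus-disk distinction the ROLE_ types carried is gone; a comment on the first entry such as `# config files and disk images share one type` would mark that as deliberate.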
@@ -21,32 +21,26 @@
 /usr/bin/vmware-nmbd -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
 /usr/bin/vmware-ping -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
 /usr/bin/vmware-smbd -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
+/usr/sbin/vmware-guest.* -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
 /usr/bin/vmware-smbpasswd -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
 /usr/bin/vmware-smbpasswd\.bin -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
 /usr/bin/vmware-vmx -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
 /usr/bin/vmware-wizard -- gen_context(system_u:object_r:vmware_exec_t,s0)
 /usr/bin/vmware -- gen_context(system_u:object_r:vmware_exec_t,s0)
+/usr/sbin/vmware-serverd -- gen_context(system_u:object_r:vmware_exec_t,s0)
 /usr/lib/vmware/config -- gen_context(system_u:object_r:vmware_sys_conf_t,s0)
-/usr/lib/vmware/bin/vmplayer -- gen_context(system_u:object_r:vmware_exec_t,s0)
 /usr/lib/vmware/bin/vmware-mks -- gen_context(system_u:object_r:vmware_exec_t,s0)
 /usr/lib/vmware/bin/vmware-ui -- gen_context(system_u:object_r:vmware_exec_t,s0)
+/usr/lib/vmware/bin/vmplayer -- gen_context(system_u:object_r:vmware_exec_t,s0)
 /usr/lib/vmware/bin/vmware-vmx -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
-ifdef(`distro_redhat',`
-/usr/lib/vmware-tools/sbin32/vmware.* -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
-/usr/lib/vmware-tools/sbin64/vmware.* -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
-')
-
 /usr/lib64/vmware/config -- gen_context(system_u:object_r:vmware_sys_conf_t,s0)
 /usr/lib64/vmware/bin/vmware-mks -- gen_context(system_u:object_r:vmware_exec_t,s0)
 /usr/lib64/vmware/bin/vmware-ui -- gen_context(system_u:object_r:vmware_exec_t,s0)
 /usr/lib64/vmware/bin/vmplayer -- gen_context(system_u:object_r:vmware_exec_t,s0)
 /usr/lib64/vmware/bin/vmware-vmx -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
-/usr/sbin/vmware-guest.* -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
-/usr/sbin/vmware-serverd -- gen_context(system_u:object_r:vmware_exec_t,s0)
-
 ifdef(`distro_gentoo',`
 /opt/vmware/(workstation|player)/bin/vmnet-bridge -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
 /opt/vmware/(workstation|player)/bin/vmnet-dhcpd -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
@@ -63,6 +57,7 @@
 ')
 /var/log/vmware.* -- gen_context(system_u:object_r:vmware_log_t,s0)
-
 /var/run/vmnat.* -s gen_context(system_u:object_r:vmware_var_run_t,s0)
 /var/run/vmware.* gen_context(system_u:object_r:vmware_var_run_t,s0)
+/usr/lib/vmware-tools/sbin32/vmware.* -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
+/usr/lib/vmware-tools/sbin64/vmware.* -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
--- nsaserefpolicy/policy/modules/apps/vmware.if 2008-08-07 11:15:03.000000000 -0400
+++ serefpolicy-3.5.5/policy/modules/apps/vmware.if 2008-08-14 13:53:54.000000000 -0400
@@ -47,11 +47,8 @@
 domain_entry_file($1_vmware_t, vmware_exec_t)
 role $3 types $1_vmware_t;
- type $1_vmware_conf_t;
- userdom_user_home_content($1, $1_vmware_conf_t)
-
- type $1_vmware_file_t;
- userdom_user_home_content($1, $1_vmware_file_t)
+ typealias vmware_home_t alias $1_vmware_file_t;
+ typealias vmware_home_t alias $1_vmware_conf_t;
 type $1_vmware_tmp_t;
 files_tmp_file($1_vmware_tmp_t)
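Review bot: The two `/usr/lib/vmware-tools/sbin32|sbin64/vmware.*` entries lose the `ifdef(`distro_redhat',` guard they had in the previous hunk, so every distribution now labels the guest-tools daemons `vmware_host_exec_t`; if that is intended it deserves a one-line comment above the entries, otherwise the guard should be kept. On style, these are /usr/lib paths and belong next to the other `/usr/lib` entries rather than after `/var/run`, since .fc files are kept in path order.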
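Review bot: `typealias vmware_home_t alias $1_vmware_file_t;` means every instantiation of this template now shares one type, so the vmware domain of one role can read and write the ~/.vmware content (disk images and .cfg files) of users of every other role, where the old `$1`-prefixed types kept them apart at the type level; only DAC and the home-directory search rules still separate them. Keeping the old names as aliases is fine for existing labels, but the loss of separation should be stated in the interface's doc comment, e.g. `## vmware home content is one type shared by all roles`. The enclosing template starts and ends outside this hunk.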
@@ -84,12 +81,9 @@
 can_exec($1_vmware_t, vmware_exec_t)
- # User configuration files
- allow $1_vmware_t $1_vmware_conf_t:file manage_file_perms;
- # VMWare disks
- manage_files_pattern($1_vmware_t, $1_vmware_file_t, $1_vmware_file_t)
- manage_lnk_files_pattern($1_vmware_t, $1_vmware_file_t, $1_vmware_file_t)
+ manage_files_pattern($1_vmware_t, vmware_home_t, vmware_home_t)
+ manage_lnk_files_pattern($1_vmware_t, vmware_home_t, vmware_home_t)
 allow $1_vmware_t $1_vmware_tmp_t:file execute;
 manage_dirs_pattern($1_vmware_t, $1_vmware_tmp_t, $1_vmware_tmp_t)
--- nsaserefpolicy/policy/modules/apps/vmware.te 2008-08-07 11:15:03.000000000 -0400
+++ serefpolicy-3.5.5/policy/modules/apps/vmware.te 2008-08-14 13:53:54.000000000 -0400
@@ -10,14 +10,14 @@
 type vmware_exec_t;
 corecmd_executable_file(vmware_exec_t)
+type vmware_home_t;
+userdom_user_home_content(user, vmware_home_t)
+
 # VMWare host programs
 type vmware_host_t;
 type vmware_host_exec_t;
 init_daemon_domain(vmware_host_t, vmware_host_exec_t)
-type vmware_log_t;
-logging_log_file(vmware_log_t)
-
 # Systemwide configuration files
 type vmware_sys_conf_t;
 files_type(vmware_sys_conf_t)
@@ -25,6 +25,9 @@
 type vmware_var_run_t;
 files_pid_file(vmware_var_run_t)
+type vmware_log_t;
+logging_log_file(vmware_log_t)
+
 ########################################
 #
 # VMWare host local policy
@@ -32,7 +35,7 @@
 allow vmware_host_t self:capability { setgid setuid net_raw };
 dontaudit vmware_host_t self:capability sys_tty_config;
-allow vmware_host_t self:process signal_perms;
+allow vmware_host_t self:process { execstack execmem signal_perms };
 allow vmware_host_t self:fifo_file rw_fifo_file_perms;
 allow vmware_host_t self:unix_stream_socket create_stream_socket_perms;
 allow vmware_host_t self:rawip_socket create_socket_perms;
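Review bot: The domain gets manage on `vmware_home_t` files and symlinks, but nothing in the hunk labels new content: without a file transition on the user's home-directory type (refpolicy's `userdom_user_home_dir_filetrans` or an equivalent), a freshly created ~/.vmware and the images written into it inherit the home-directory type rather than `vmware_home_t`, and only a relabel fixes them. If such a transition exists elsewhere in the template this is moot, but it is not visible here. The old per-role rules had the same gap, so this is pre-existing; moving to a single shared type is a natural point to close it. The enclosing template starts and ends outside this hunk.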
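Review bot: `userdom_user_home_content(user, vmware_home_t)` registers the new type as home content for the `user` prefix only, while the template in vmware.if now aliases `$1_vmware_file_t` to it for every role it is instantiated with; whether prefix-keyed home-content rules for other roles still cover this type depends on what the interface does with its first argument, which is not visible here and is worth checking. A comment above the declaration, e.g. `# single home type shared by every role's vmware domain (see vmware.if)`, would also make the intent clear to the next reader.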
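Review bot: Adding `execstack execmem` lets `vmware_host_t`, a domain that already holds `net_raw`, `setuid` and `setgid`, map writable-and-executable memory and an executable stack, which removes the W^X barrier a memory-corruption bug in it would otherwise hit. If a specific component needs this, name it in a comment on the rule, e.g. `# vmware host binaries need executable stack/heap`, and consider gating the two permissions behind a tunable so hosts that do not need them keep the restriction.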
@@ -48,6 +51,8 @@
 manage_files_pattern(vmware_host_t, vmware_log_t, vmware_log_t)
 logging_log_filetrans(vmware_host_t, vmware_log_t, { file dir })
+files_search_home(vmware_host_t)
+
 kernel_read_kernel_sysctls(vmware_host_t)
 kernel_list_proc(vmware_host_t)
 kernel_read_proc_symlinks(vmware_host_t)
@@ -98,8 +103,6 @@
 sysadm_dontaudit_search_home_dirs(vmware_host_t)
-netutils_domtrans_ping(vmware_host_t)
-
 optional_policy(`
 seutil_sigchld_newrole(vmware_host_t)
@@ -108,3 +111,14 @@
 optional_policy(`
 udev_read_db(vmware_host_t)
 ')
+netutils_domtrans_ping(vmware_host_t)
+
+optional_policy(`
+ unconfined_domain(vmware_host_t)
+')
+
+optional_policy(`
+ xserver_xdm_rw_shm(vmware_host_t)
+')
+
+
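Review bot: `files_search_home(vmware_host_t)` only grants search on the home root; it does not let the daemon into any user's home directory, which carries the user home-directory type, so if the intent is for vmware_host_t to reach ~/.vmware (now `vmware_home_t`) further rules are still needed, and if the intent is merely to quiet denials the usual choice is a dontaudit, as the `sysadm_dontaudit_search_home_dirs` call later in this file already does. A short comment saying which of the two it is would settle the question for the next reader.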
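Review bot: `unconfined_domain(vmware_host_t)` makes the host daemons unconfined whenever the unconfined module is loaded, which on a targeted policy is the normal case, so on such systems every other rule in this section (the capability set, the new execmem/execstack, the dontaudits) becomes dead policy and vmware_host_t runs with no MAC restriction at all. If concrete denials drove this, grant those permissions instead; if it really has to stay, a comment above the block is the minimum, e.g. `# TODO: vmware_host_t is unconfined on targeted policy; tighten once its access pattern is known`. Separately, `netutils_domtrans_ping(vmware_host_t)` is now placed after the optional_policy blocks, whereas refpolicy keeps unconditional calls ahead of them; move it back up with the other unconditional interface calls.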